From: tb <tb@openbsd.org>
Date: Wed, 17 Apr 2024 13:47:18 +0000 (+0000)
Subject: Fix error check in ecdh_cms_encrypt()
X-Git-Url: http://artulab.com/gitweb/?a=commitdiff_plain;h=4056bf7d77ac5ea11baf4530b77738fd053f0b32;p=openbsd

Fix error check in ecdh_cms_encrypt()

ASN1_TYPE_get() returns V_ASN1_* constants.  Checking the return for
NID_undef instead means that we actually check for V_ASN1_EOC, which
makes absolutely no sense here. Clearly V_ASN1_UNDEF was intended.

ok jsing
---

diff --git a/lib/libcrypto/ec/ec_ameth.c b/lib/libcrypto/ec/ec_ameth.c
index a73add0c24e..739297346c7 100644
--- a/lib/libcrypto/ec/ec_ameth.c
+++ b/lib/libcrypto/ec/ec_ameth.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ec_ameth.c,v 1.53 2024/04/14 15:41:09 tb Exp $ */
+/* $OpenBSD: ec_ameth.c,v 1.54 2024/04/17 13:47:18 tb Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 2006.
  */
@@ -1013,7 +1013,7 @@ ecdh_cms_encrypt(CMS_RecipientInfo *ri)
 		goto err;
 	if (EVP_CIPHER_param_to_asn1(ctx, wrap_alg->parameter) <= 0)
 		goto err;
-	if (ASN1_TYPE_get(wrap_alg->parameter) == NID_undef) {
+	if (ASN1_TYPE_get(wrap_alg->parameter) == V_ASN1_UNDEF) {
 		ASN1_TYPE_free(wrap_alg->parameter);
 		wrap_alg->parameter = NULL;
 	}